Health Data Protection: should you be worried?

Health data protection: is that even a thing?

Interested in data protection? you’ll certainly rejoice at the prospect of the European Union toughening up its framework of measures to ensure that personal data are protected, in view of the forecasted exponential generation and use of data pertaining to individuals’ lifestyles, choices, or consumption habits.

Or rather, the EU announced that the recently enacted Data Act coming into force on 23rd February 2022 will enforce a fairer digital economy while promoting free access to data for EU citizens. EU commissioner Thierry Breton anticipates that:

The Data Act will ensure that industrial data is shared, stored and processed in full respect of European rules.

 

It will form the cornerstone of a strong, innovative and sovereign European digital economy.

The Data act does not aim at health data but rather at creating a fairer playing field for the digital economy. In other words the clear objective is to enable better ownership, sharing and use as well as security of personal data across segments of industry. It sounds reassuring, or does it? If you want to know more about the EU Data Act: click here

In the health sector, the last couple years raised increasing concerns as regards the vulnerability of health data. Your decide hub regularly echoed the most flagrant health data leaks, ransomware or illegal exploitation of extremely sensitive personal information: click here for an illustration of the insight we bring to you.

Moreover, your Decide Hub blew the whistle a year ago already, anticipating that healthcare data would be a growing battlefield: click here to know more.

Lately on 20th February, a shocking data breach affected the UK National Health Service with a private contractor to whom the management of tens of thousands of patients’ private medical information was outsourced confessed that a leak due to a human mistake led to the massive disclosure of extremely confidential information (click here to access more information).

The question of data confidentiality, handling, maintaining as well as the security of the access and use of the data has never been more acute.

It appears that personal medical files complete with confidential information pertaining to conditions and treatments were passed through a USB flash disk by mistake. Can it be as simple as that to bypass the necessarily rigid protocols put in place by public authorities and which apply to the contractors they outsource data management to?

One can only hope that the necessary debate will not stray and fall in the traditional trap of opposing public and private sectors: the stakes are much higher than the over simplistic question of private sector contracting or public sector stewardship and operation.

The crux of the matter remains the exponential growth of health data of sensitive nature generated against the backdrop of vulnerable technologies used to process, store, action and share these data.